Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7

Published: 2012-05-14
Last Updated: 2012-05-14 21:53:44 UTC
by Mark Hofman (Version: 1)
4 comment(s)

We have noticed an increase in scanning activity to ports TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7 and would love some packets if you have them. 

  • TCP/8909 - No idea what it is a new one for me. A new one and starting to trend.
  • TCP/6666 - this is probably going to be IRC, but it would be nice to confirm and see what is being scanned for.
  • TCP/9415 - this used to be associated with open proxies, but again be good to get some packets to check.
  • TCP/27977 - My first thought was gaming port, but that is just a guess.
  • UDP/7 - echo, a blast from the past.  maybe they are looking  for misconfigured or old routers and *nix boxes.

If you have any packets to the above please submit them through the contact form or email them to handlers -at- sans.edu or directly to me markh.isc -at- gmail.com

Thanks in advance.

 

Mark H

Keywords: packets
4 comment(s)
Diary Archives